[p2p-hackers] P2P Authentication

[Davide Carboni]

>
>   Completely decentralized p2p applications have the advantage of
> being especially resilient to DoS and other attacks on centrality.
> Introducing centralized components negates this advantage.  In the
> case of using CAs in a p2p app, the entire network can be disabled by
> attacking the CAs.

Not true. The CA is never contacted during p2p handshaking. It is
defacto outside the network and it is supposed to sign a peer
certificate only once in the lifetime of a peer. You can even drop a
bomb on the CA and the network keeps working. The only side effect is
that new peers that have not a certificate yet, cannot join.
Nobody  is disputing the advantages of decentralized network, but the
use of a common well-reputed CA allows to build a certain level of
trust in a p2p network which can be still completely decentralized
regarding indexing, searching, and delivery of resources.
My two cents.
Bye


--
I lose control 'cause I'm a creature of the night (Bruce and Bongo)
--
http://people.crs4.it/dcarboni